<?php

if(isset($_POST['oldPassword']) && isset($_POST['newPassword'])){
#if it is a login request

  #Get username and password from post
  $oldPassword = md5($_POST['oldPassword']);
  $newPassword = md5($_POST['newPassword']);

  #Require usr db model
  require_once $BASE_PATH . 'm/usr.php';

  $usrcn = new USR(DBHOST, DBUSER, DBPASS, DBNAME);

  $userInfo = $usrcn->getByID($UID);

  if($userInfo){
    #Check the username and password
    if($userInfo['pwd'] === $oldPassword){

      $usrcn->alt($UID, $newPassword);

      unset($_SESSION['usr']);

      echo '{"code": 0}';

    }else{

      echo '{"code": 2, "message": "password wrong"}';

    }

  }else{

    echo '{"code": 1, "message": "user not exist"}';

  }
}
